Personalized Attention From A Small Law Firm With Large Law Firm Resources

Privacy Policy

We have adopted the following policies and procedures to document our information security program to protect Non-public Personal Information as required by local, state and federal law. Compliance with the following procedures is required of all employees and failure to comply with the procedures outlined herein will be grounds for immediate termination of employment.

Our company recognizes we must take necessary and appropriate steps, within our capabilities, to protect Non­ public, Personal Information (NPI) from loss or misuse to avoid reputational damage and to prevent the use of this data from adversely impacting our customers and business. The protection of this data is a critical business requirement, yet flexibility to access the data and to work efficiently with it was also considered in the development of this Policy. This policy will be evaluated annually, and adjusted in the event our business operations change or as a result of our security testing and monitoring. For the purposes of this policy Non-public Personal Information (NPI) is defined as “First name or first initial and last name coupled with any of the following: Social Security Number, Driver’s license number, state issued ID number, credit card number, debit card number or other financial account numbers.” “Personal Information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.

A.  Physical security of Non-public Personal Information (NPI)

To help ensure the physical security of all Non-public Personal Information we will:

  1. Restrict access to Non-public Personal Information to authorized employees with a legitimate business purpose, on a need to know basis.
  2. Restrict the use of removable media unless authorized by management and properly secured and stored when not in use.
  3. Use only secure methods of transmitting NPI
  4. Share information with third parties and affiliated or related parties only in accordance with our Privacy Notice which shall be provided to all parties upon or immediately after receipt of an application to provide title or closing services.

B.  Network security of Non-public Personal Information

To help ensure the secure collection, transmission, and storage of Non-public Personal Information within our network we will:

  1. Take appropriate steps to protect the security of our computing network to include, firewalls, up to date virus protection, and intrusion detection and prevention systems.
  2. Utilize strong, individual, and unique passwords that are changed periodically. A strong password is at least 8 characters in length and contains 3 of the following 4 types of characters (lower case letters, upper case letter and special characters)
  3. Encrypt any email transmission containing NPI
  4. Provide our employees with our “Acceptable Use of Information Technology Policy” (see attached) that is acknowledged annually. This helps assist our staff and other authorized users in conducting the tasks associated with their job and remain in compliance with the Company’s Privacy Policy (see attached) and all relevant federal and state laws and regulations protecting NPI.

C.      Disposal of Non-public Personal Information

To help protect and properly dispose of Non-public Personal Information we have:

  1. Clearly defined and communicated to our employees what types of information/data fall into the category of
  2. Required all hardware containing NPI that is to be disposed of to be erased/encrypted or physically destroyed prior to disposal.

D.    Establish a disaster management plan

The company has established a Disaster Recovery Plan. This plan helps ensure adequate back-up, recovery and business continuity procedures for our company. This plan is reviewed and updated annually as appropriate.

E.    Appropriate management and training of employees to help ensure compliance with the Company’s information security program

To ensure appropriate management of our policy, and employee training regarding the Company’s information security policy we:

  1. Provide all employees with a copy of our Acceptable Use of Information Technology Resources policy and obtain signed acknowledgements of receipt.(see attached)
  2. Review our Information and Data Privacy Policy annually to detect the potential for improper disclosure of confidential information and update as appropriate.
  3. Oversee all third party service providers to help ensure compliance with our Company’s information security program. Providers are selected after appropriate due diligence. We retain service providers that are capable of appropriately safeguarding Non-public Personal Information. They are provided with copies of this information security policy and made aware of procedures to notify our company immediately in the event of any security breach involving NPI. If security breaches occur, proper notification is provided to consumers and law enforcement in accordance with the Company’s privacy and information security

F.  Notification of security breaches to customers and law enforcement

To ensure proper notification of security breaches to our customers and law enforcement we will:

Adhere to our procedure to notify our customers and law enforcement of the breach as required by law or contract. All data breaches will be reported and investigated in a timely manner. In the event of a breach, employees will immediately notify a supervisor or agency management. The data will be secured to prevent any further breach, and the reasonable integrity, security and confidentiality of the data or data system will be restored.

  • Contact our IT department (or IT contractor) to help determine the nature of the breach in terms of its extent and We may also contact our Legal Department (or Attorney) to help determine the category of the breach.
  • Document the breach, the scope of the breach, steps taken to contain the breach, and the names or categories of persons whose personal information was, or may have been, accessed or acquired by an unauthorized person.
  • Provide the documentation on the breach to senior management who will direct that notification be given to affected parties if the breach appears to have resulted in the theft or loss of NPI.
  • Provide notification of a breach to affected individuals without unreasonable delay except that notification shall be delayed if law enforcement informs the Company that disclosure of the breach would impede a criminal or other A request for delayed notification must be made in writing including the name of the law enforcement officer making the request and the officer’s agency engaged in the investigation. Such delayed notification shall continue until the law enforcement agency communicates to the Company its determination that notification will no longer impede the investigation.
  • Ensure the notification is clear and conspicuous and includes the following:
    1. A description of the incident in general terms;
    2. A description of the type of personal information that was subject to the unauthorized access and acquisition;
    3. A general description of the actions taken to protect the personal information from further unauthorized access.
    4. A telephone number that the person may call for further information and assistance;
    5. Advice that directs the person to remain vigilant by reviewing account statements and monitoring free credit reports;
    6. The toll-free numbers and addresses for the major consumer reporting agencies: and the toll free numbers, address, and website address for the Federal Trade Commission (FTC) and the Attorney General’s Office for the state in which the victim is located, along with a statement that the individual can obtain information from these sources about preventing identify theft.
  1. Notify the affected persons by one of the following methods:
    1. If we can identify the particular individuals affected and have the necessary contact information of the affected individuals, notice will be provided in writing by US Postal Service or by electronic notification if the Company has a valid email
    2. If we do not have the necessary contact information to notify an individual or are not able to identify particular affected individuals, notice will be provided by a conspicuous posting on the Company’s website and publication in widely distributed print media in the states where affected individuals are reasonably anticipated to

We partner with Thomson Reuters, who might also collect data as part of our marketing efforts. To learn more about the Thomson Reuters privacy policy and the data that might be collected, please visit: Thomson Reuters Privacy Statement.